Do Healthcare IT Departments Know to Require Compliance from Their ISVs?

As a leading Cloud Service Provider (CSP) for Healthcare organizations and Government agencies, Project Hosts is often approached by IT professionals in search of effective security and compliance. In 2011, the Cloud First Initiative required government agencies to seek cloud adoption wherever possible. To ensure the security of their workloads and data, these agencies were required to work with FedRAMP-compliant CSPs like Project Hosts. In healthcare, the mandate is that all Protected Healthcare Information (PHI) hosted in the cloud must have all of the required security protections in place, such as those of HIPAA. But HIPAA alone falls short of the security requirements of HITRUST, which adds security controls, including security audits. The question is: when working with ISVs, do these healthcare IT professionals know to require such compliance?

Today, more doctors and nurses are using tablets and smartphones when caring for patients. IT departments are asked to integrate apps from ISVs on different operating systems, such as iOS and Android. This increases the threat to data security, as hackers use advanced methods to access personal data. According to Mike Monocello’s article in the DEVPRO Journal on March 1, 2018, “Regulations are a huge driving force behind technological adoption in the healthcare industry. There’s no reason to think this trend won’t continue.” ISVs can rely on Project Hosts to gain HIPAA/HITRUST compliance for their applications, while also gaining access to Azure experts who can architect, build, scale and provide advanced DRaaS, backup and archiving for their SaaS solutions.

When considering ISVs or 3rd Party Risk, Jane Harper, Director of Privacy and Security Risk Management for Henry Ford Health Systems, shared what she is looking for with HIMSS TV. “You want to make sure that you are meeting all of the regulatory requirements. As a covered entity, we are fortunate in the fact that the HIPAA rule gave us a template or a standard that has all of the required elements. At HFHS, we added right to audit clauses, risk assessments, things to help protect not just our patients and members, but our reputation and help level set for the 3rd party what is expected.” By leveraging Project Hosts’ HIPAA/HITRUST Azure Security Envelope, ISVs can ensure that they are meeting the requirements Jane Harper is seeking in a 3rd Party, and can allocate more resources to developing innovative software applications that improve the customer experience and maximize operational efficiencies.